Training > Cybersecurity > Securing Coding Fundamentals (WSKF601)

Securing Coding Fundamentals (WSKF601)

Empower yourself to write and verify secure software by design. Learn and practice with hands-on labs that build behavior-changing skills fundamental to security implementation, boosting your professional IT security maturity.

Key Benefits for You:

✔ Live, instructor-led hands-on labs
✔ Learn to incorporate security into your software design process
✔ Increase your productivity and the security of your coding

Who Is It For

This course is designed for developers, DevOps, testers, auditors, and security professionals involved in the modern software development process who want to learn to build secure software by design, not an afterthought.
read less read more
What You’ll Learn

Participants will learn to independently test for web application vulnerabilities, perform threat modeling sessions, and prevent business logic vulnerabilities. Hands-on labs will increase your understanding of how to fix vulnerabilities and which design patterns to apply. Participants will also learn to practice security by design using the Security Knowledge Framework and use security automation to add value to the CI/CD pipeline.
read less read more
What It Prepares You For

By completing this course, participants will be prepared to write and independently test for web application and other vulnerabilities, fix vulnerabilities and apply secure design patterns using the Security Knowledge Framework. Participants will grow their security maturity with behavior-changing impact for new career opportunities.
read less read more
Course Outline
Expand All
Collapse All
Module 1: Intro to principles and practice of secdev
- Introduction to vulnerabilities
- Playing with identifying real threats and security requirements
Module 2: Code security
- Common server-side vulnerabilities and their defense
- Injections: SQLi, XML injections, JSON, XPath, XSS, cookie injection, open redirection, http header injection
- Path traversal, XXE, Buffer overflow, Zip bomb, Million laugh, RFI, Insecure file upload, Code execution
- Insecure direct object reference
Module 3: Security design
- Security by design
- Threat modelling
- Separation of duties, trust boundaries, security boundaries, defence in depth, principle of least privilege, minimising the attack surface, risk driven mitigation
- Business logic vulnerabilities

Participants should have a basic understanding of web development principles and familiarity with the chosen development language. They will need a computing system with adequate performance specifications and access to the provided demo environments.